...
Warning | ||
---|---|---|
| ||
This page is under construction. Please refer back later or contact kens@aaisonline.com for more information. |
Scope
The scope of this policy is the ND UIM POC. It applies to all systems and activities used for the execution of the POC.
Policy
Identity and Access Management
Identity and Access Management - Application
Identities used to access the applications are managed in Cognito. The Cognito instance and it's userpools are separate for each carrier node. There is not shared Cognito across carriers in the carrier nodes. The multi-tenant node uses shared cognito userpools. We are not utillizing the multi-tenant node for carrier activity. AAIS and the DOI will have identities on the multi-tenant node.
A userid and password are required to access the applications. (MFA?)
Identity and Access Management - Cloud Infrastructure
Each carrier has a node which is hosted in a separate account. AWS is the hosting cloud provider. The overall account is managed by AAIS. The specific organization is separate from all other organizations. IAM users are set up for Chainyard. Chainyard manages the infrastructure on behalf of the Carrier at the direction of AAIS. AAIS and Chainyard are able to administer the account and it's services. No other entity has access to the AWS organization or it's services. The carrier may request and IAM identity.
Identity and Access Management - Blockchain Network
Data Privacy
The data used during the POC is private to the carrier. It remains in its raw form only on the carrier node. When the extraction occurs, a salted hash is passed through the blockchain to the analytics node. Once on the analytics node, the results of the extraction from all carriers are compared with the ND DOT registered VINs and a report is generated.
Personally Identifiable Information
The system uses email address as the user id. The organization for the user is also identified. This is only visible inside Cognito. Each carrier node has a separate Cognito instance and userpool.
...